搭建ELK日志分析系统（Docker方式）

1. 安装Docker CE

$ sudo yum install -y yum-utils \
  device-mapper-persistent-data \
  lvm2

$ sudo yum-config-manager \
    --add-repo \
    https://download.docker.com/linux/centos/docker-ce.repo

$ sudo yum install docker-ce

$ sudo systemctl start docker

$ sudo docker run hello-world

2. 安装Docker Compose

$ sudo curl -L https://github.com/docker/compose/releases/download/1.21.2/docker-compose-$(uname -s)-$(uname -m) -o /usr/local/bin/docker-compose

$ sudo chmod +x /usr/local/bin/docker-compose

$ docker-compose --version

3. 从https://github.com/deviantony/docker-elk克隆源代码

$ git clone https://github.com/deviantony/docker-elk

$ docker-compose up -d

4. 默认端口配置

• 5000: Logstash TCP input
• 9200: Elasticsearch HTTP
• 9300: Elasticsearch TCP transport
• 5601: Kibana

5. 修改logstash.conf配置

input {
  tcp {
    port => 5000
    codec => json_lines
  }
}

output {
  elasticsearch {
    hosts => "elasticsearch:9200"
  }
}

6. 在微服务项目中，添加logback-spring.xml配置文件，内容如下：

    

    
    

    
        

        
            ${logstashDest}
            
                
                     
                     
                     
                    
                    

                    
                        
                            {
                            
                            
                            "appName": "${appName}",
                            "appVersion": "${appVersion}"
                            }